[OWASP_PHPSEC] CSRF Protection

Abbas Naderi abiusx at owasp.org
Fri Jul 19 23:17:03 UTC 2013


Hello Folks,
I was thinking of CSRF protection methods, and realized it's infeasible unless we provide some widget library. There's one such thing named jWidget in the core of jframework project, and is still in beta, but is based on security.
Please take a peek at it, and provide these three points:
1. Do you know any other means of protecting against CSRF, instead of this approach? (The jCSRF implementation provided in a paper by R. Sekar from Stony Brook is one such thing. Abhishek, please study it and see if it's a good idea for us to implement this instead of the widget library)
2. How can we abstract jWidget to make it more of a flexible library than a toolset?
3. If you can extract the ideas inside jWidget, and make a library based on them, how so?

@Andrew, I'm really looking forward to your professional feedback on this as well.
Thanks
-Abbas
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body. Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com
